Experts

WASHINGTON, D.C. — Uber announced Tuesday that hackers stole the personal data of 57 million customers and drivers in late 2016. The company said the customer data that was compromised in the breach included names, personal e-mail addresses, and phone numbers. Instead of reporting that customer data had been exposed, as is required by state and federal laws, Uber reportedly paid the hackers $100,000 to relinquish the data and keep quiet about the breach.

Justin Brookman, the director of consumer privacy and technology policy for Consumers Union, the policy and mobilization division of Consumer Reports, said the Uber breach underscores the urgent need for policymakers to step up and pass stronger laws to hold companies accountable for data security.

“Once again, we have a major company with a data breach that exposed the personal information of millions of Americans,” Brookman said. “Uber had a legal obligation to notify people affected by the breach, but it simply chose not to. Uber is reportedly under multiple government investigations for past business dealings, and this should be added to the list.

“The Uber breach raises broader concerns about the lack of corporate accountability when it comes to the security and privacy of our personal data. Congress has failed to act for far too long to pass security legislation that includes robust penalties and enforcement for companies that disregard the law. The time for Congress to act is now, before the next breach happens.”

Consumer Reports is the world’s largest independent product-testing organization. Using its more than 50 labs, auto test center, and survey research center, the nonprofit rates thousands of products and services annually. Founded in 1936, Consumer Reports has over 7 million subscribers to its magazine, website, and other publications. Its policy and mobilization division, Consumers Union, works for health reform, food and product safety, financial reform, and other consumer issues in Washington, D.C., the states, and in the marketplace.